npm - @intlayer/backend - Versions diffs - 3.1.0 → 3.2.1 - Mend

@intlayer/backend 3.1.0 → 3.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (216) hide show

package/dist/esm/controllers/sessionAuth.controller.mjs CHANGED Viewed

@@ -1,3 +1,4 @@
+import crypto from "crypto";
 import { logger } from './../logger/index.mjs';
 import { sessionAuthRoutes } from './../routes/sessionAuth.routes.mjs';
 import { sendEmail } from './../services/email.service.mjs';
@@ -10,6 +11,7 @@ import { mapOrganizationToAPI } from './../utils/mapper/organization.mjs';
 import { mapProjectToAPI } from './../utils/mapper/project.mjs';
 import { mapUserToAPI } from './../utils/mapper/user.mjs';
 import { formatResponse } from './../utils/responseData.mjs';
+import { t } from "express-intlayer";
 import { Types } from "mongoose";
 import { v4 as uuidv4 } from "uuid";
 const setCSRFToken = (req, res, _next) => {
@@ -22,10 +24,15 @@ const setCSRFToken = (req, res, _next) => {
 };
 const registerEmailPassword = async (req, res, _next) => {
   const { user } = res.locals;
+  const { callBack_url } = req.query;
   if (user) {
     ErrorHandler.handleGenericErrorResponse(res, "USER_ALREADY_LOGGED_IN");
     return;
   }
+  if (callBack_url && !callBack_url.startsWith(process.env.CLIENT_URL ?? "")) {
+    ErrorHandler.handleGenericErrorResponse(res, "CALLBACK_URL_NOT_VALID");
+    return;
+  }
   const userData = req.body;
   try {
     let user2 = await userService.getUserByEmail(userData.email);
@@ -33,22 +40,18 @@ const registerEmailPassword = async (req, res, _next) => {
       const emailProvider = user2.provider?.find(
         (provider) => provider.provider === "email"
       );
-      if (emailProvider) {
-        if (emailProvider.emailValidated) {
-          ErrorHandler.handleGenericErrorResponse(
-            res,
-            "EMAIL_ALREADY_VALIDATED"
-          );
-          return;
-        } else {
-          user2 = await sessionAuthService.updateUserProvider(
-            user2._id,
-            "email",
-            {
-              secret: uuidv4()
-            }
-          );
-        }
+      if (emailProvider?.emailValidated) {
+        ErrorHandler.handleGenericErrorResponse(
+          res,
+          "EMAIL_ALREADY_REGISTERED"
+        );
+        return;
+      } else if (emailProvider) {
+        user2 = await sessionAuthService.updateUserProvider(user2._id, "email", {
+          provider: "email",
+          emailValidated: void 0,
+          secret: uuidv4()
+        });
       } else {
         user2 = await sessionAuthService.addUserProvider(user2._id, {
           provider: "email",
@@ -57,7 +60,16 @@ const registerEmailPassword = async (req, res, _next) => {
         });
       }
     } else {
-      user2 = await userService.createUser(userData);
+      user2 = await userService.createUser({
+        ...userData,
+        provider: [
+          {
+            provider: "email",
+            emailValidated: void 0,
+            secret: uuidv4()
+          }
+        ]
+      });
       logger.info(`New registration: ${user2.name} - ${user2.email}`);
     }
     if (!user2) {
@@ -66,9 +78,30 @@ const registerEmailPassword = async (req, res, _next) => {
       });
       return;
     }
-    await sessionAuthService.setUserAuth(res, user2);
+    await sendEmail({
+      type: "validate",
+      to: user2.email,
+      username: user2.name ?? user2.email.split("@")[0],
+      validationLink: sessionAuthRoutes.validEmail.url({
+        userId: String(user2._id),
+        secret: user2.provider?.find((provider) => provider.provider === "email")?.secret ?? "",
+        callBack_url
+      })
+    });
     const formattedUser = mapUserToAPI(user2);
-    const responseData = formatResponse({ data: formattedUser });
+    const responseData = formatResponse({
+      message: t({
+        en: "User registered successfully",
+        fr: "Utilisateur enregistr\xE9 avec succ\xE8s",
+        es: "Usuario registrado con \xE9xito"
+      }),
+      description: t({
+        en: "Your user has been registered successfully. Please check your email to validate your account.",
+        fr: "Votre utilisateur a \xE9t\xE9 enregistr\xE9 avec succ\xE8s. Veuillez v\xE9rifier votre e-mail pour valider votre compte.",
+        es: "Su usuario ha sido registrado con \xE9xito. Por favor, revise su correo electr\xF3nico para validar su cuenta."
+      }),
+      data: formattedUser
+    });
     res.json(responseData);
     return;
   } catch (error) {
@@ -97,7 +130,19 @@ const loginEmailPassword = async (req, res, _next) => {
     }
     await sessionAuthService.setUserAuth(res, loggedInUser);
     const formattedUser = mapUserToAPI(loggedInUser);
-    const responseData = formatResponse({ data: formattedUser });
+    const responseData = formatResponse({
+      message: t({
+        en: "User logged in successfully",
+        fr: "Utilisateur connect\xE9 avec succ\xE8s",
+        es: "Usuario conectado con \xE9xito"
+      }),
+      description: t({
+        en: "Your user has been logged in successfully",
+        fr: "Votre utilisateur a \xE9t\xE9 connect\xE9 avec succ\xE8s",
+        es: "Su usuario ha sido conectado con \xE9xito"
+      }),
+      data: formattedUser
+    });
     logger.info(`Login: ${loggedInUser.email}`);
     res.json(responseData);
     return;
@@ -116,7 +161,19 @@ const logOut = async (_req, res, _next) => {
   sessionAuthService.clearOrganizationAuth(res);
   sessionAuthService.clearProjectAuth(res);
   logger.info(`Logout: ${user.name} - ${user.email}`);
-  const responseData = formatResponse({ data: void 0 });
+  const responseData = formatResponse({
+    message: t({
+      en: "User logged out successfully",
+      fr: "Utilisateur d\xE9connect\xE9 avec succ\xE8s",
+      es: "Usuario desconectado con \xE9xito"
+    }),
+    description: t({
+      en: "Your user has been logged out successfully",
+      fr: "Votre utilisateur a \xE9t\xE9 d\xE9connect\xE9 avec succ\xE8s",
+      es: "Su usuario ha sido desconectado con \xE9xito"
+    }),
+    data: void 0
+  });
   res.json(responseData);
 };
 const updatePassword = async (req, res, _next) => {
@@ -126,20 +183,34 @@ const updatePassword = async (req, res, _next) => {
     ErrorHandler.handleGenericErrorResponse(res, "USER_NOT_DEFINED");
     return;
   }
-  try {
-    const { error } = await sessionAuthService.testUserPassword(
-      user.email,
-      oldPassword
+  const userEmailProvider = user.provider?.find(
+    (provider) => provider.provider === "email"
+  );
+  if (!userEmailProvider) {
+    ErrorHandler.handleGenericErrorResponse(res, "USER_PROVIDER_NOT_FOUND", {
+      provider: "email"
+    });
+    return;
+  }
+  if (userEmailProvider.passwordHash && !oldPassword) {
+    ErrorHandler.handleGenericErrorResponse(
+      res,
+      "USER_PREVIOUS_PASSWORD_NOT_PROVIDED"
     );
-    if (error) {
-      ErrorHandler.handleGenericErrorResponse(res, "LOGIN_FAILED");
-      return;
+    return;
+  }
+  try {
+    if (oldPassword) {
+      const { error } = await sessionAuthService.testUserPassword(
+        user.email,
+        oldPassword
+      );
+      if (error) {
+        ErrorHandler.handleGenericErrorResponse(res, "LOGIN_FAILED");
+        return;
+      }
     }
-    user = await sessionAuthService.changeUserPassword(
-      user._id,
-      oldPassword,
-      newPassword
-    );
+    user = await sessionAuthService.changeUserPassword(user._id, newPassword);
     if (!user || typeof user !== "object") {
       ErrorHandler.handleGenericErrorResponse(res, "USER_DATA_NOT_FOUND");
       return;
@@ -148,7 +219,65 @@ const updatePassword = async (req, res, _next) => {
       `Password changed - User : Name : ${user.name}, id : ${String(user._id)}`
     );
     const formattedUser = mapUserToAPI(user);
-    const responseData = formatResponse({ data: formattedUser });
+    const responseData = formatResponse({
+      message: t({
+        en: "Password changed successfully",
+        fr: "Mot de passe modifi\xE9 avec succ\xE8s",
+        es: "Contrase\xF1a cambiada con \xE9xito"
+      }),
+      description: t({
+        en: "Your password has been changed successfully",
+        fr: "Votre mot de passe a \xE9t\xE9 modifi\xE9 avec succ\xE8s",
+        es: "Su contrase\xF1a ha sido cambiada con \xE9xito"
+      }),
+      data: formattedUser
+    });
+    res.json(responseData);
+    return;
+  } catch (error) {
+    ErrorHandler.handleAppErrorResponse(res, error);
+    return;
+  }
+};
+let clients = [];
+const sendVerificationUpdate = (user) => {
+  const filteredClients = clients.filter(
+    (client) => String(client.userId) === String(user._id)
+  );
+  for (const client of filteredClients) {
+    const provider = user.provider?.find(
+      (provider2) => provider2.provider === "email"
+    );
+    if (provider?.emailValidated) {
+      client.res.write(
+        `data: ${JSON.stringify({ userId: user._id, status: "verified" })}
+`
+      );
+      continue;
+    }
+    client.res.write(
+      `data: ${JSON.stringify({ userId: user._id, status: "waiting" })}
+`
+    );
+  }
+};
+const checkIfUserHasPassword = async (_req, res, _next) => {
+  const { user } = res.locals;
+  if (!user) {
+    ErrorHandler.handleGenericErrorResponse(res, "USER_NOT_DEFINED");
+    return;
+  }
+  try {
+    const userProvider = user.provider?.find(
+      (provider) => provider.provider === "email"
+    );
+    const responseData = formatResponse({
+      data: {
+        hasPassword: Boolean(userProvider?.passwordHash)
+      }
+    });
     res.json(responseData);
     return;
   } catch (error) {
@@ -158,15 +287,11 @@ const updatePassword = async (req, res, _next) => {
 };
 const validEmail = async (req, res, _next) => {
   const { userId, secret } = req.params;
-  const { organization } = res.locals;
+  const callBack_url = `${req.query.callBack_url ?? `${process.env.CLIENT_URL}/auth/login`}?userId=${userId}`;
   if (!Types.ObjectId.isValid(userId.toString())) {
     ErrorHandler.handleGenericErrorResponse(res, "INVALID_USER_ID");
     return;
   }
-  if (!organization) {
-    ErrorHandler.handleGenericErrorResponse(res, "ORGANIZATION_NOT_DEFINED");
-    return;
-  }
   const user = await userService.getUserById(userId);
   if (!user) {
     ErrorHandler.handleGenericErrorResponse(res, "USER_NOT_DEFINED", {
@@ -174,19 +299,63 @@ const validEmail = async (req, res, _next) => {
     });
     return;
   }
-  await sessionAuthService.activateUser(user._id, secret);
+  if (callBack_url && !callBack_url.startsWith(process.env.CLIENT_URL ?? "")) {
+    ErrorHandler.handleGenericErrorResponse(res, "CALLBACK_URL_NOT_VALID");
+    return;
+  }
+  const provider = user.provider?.find(
+    (provider2) => provider2.provider === "email"
+  );
+  if (provider?.emailValidated) {
+    res.redirect(callBack_url);
+  }
+  if (!provider?.secret) {
+    throw new GenericError("USER_PROVIDER_SECRET_NOT_DEFINED", { userId });
+  }
+  if (!crypto.timingSafeEqual(Buffer.from(provider.secret), Buffer.from(secret))) {
+    throw new GenericError("USER_PROVIDER_SECRET_NOT_VALID", { userId });
+  }
+  await sessionAuthService.updateUserProvider(userId, "email", {
+    secret: void 0,
+    emailValidated: /* @__PURE__ */ new Date()
+  });
   logger.info(
     `User activated - User: Name: ${user.name}, id: ${String(user._id)}`
   );
+  sendVerificationUpdate(user);
+  await sessionAuthService.setUserAuth(res, user);
   await sendEmail({
     type: "welcome",
     to: user.email,
     username: user.name,
-    loginLink: sessionAuthRoutes.loginEmailPassword.url
+    loginLink: callBack_url
+  });
+  res.redirect(callBack_url);
+};
+const verifyEmailStatusSSE = async (req, res) => {
+  res.setHeader("Content-Type", "text/event-stream;charset=utf-8");
+  res.setHeader("Cache-Control", "no-cache, no-transform");
+  res.setHeader("Connection", "keep-alive");
+  res.setHeader("X-Accel-Buffering", "no");
+  res.write(":\n\n");
+  res.flushHeaders();
+  const { userId } = req.params;
+  const clientId = Date.now();
+  const user = await userService.getUserById(userId);
+  if (!user) {
+    logger.error(`User not found - User ID: ${userId}`);
+    res.write(`data: ${JSON.stringify({ userId, status: "error" })}
+`);
+    res.end();
+    return;
+  }
+  const newClient = { id: clientId, userId, res };
+  clients.push(newClient);
+  sendVerificationUpdate(user);
+  req.on("close", () => {
+    clients = clients.filter((client) => client.id !== clientId);
   });
-  const formattedUser = mapUserToAPI(user);
-  const responseData = formatResponse({ data: formattedUser });
-  res.json(responseData);
 };
 const askResetPassword = async (req, res, _next) => {
   const { email } = req.body;
@@ -214,7 +383,19 @@ const askResetPassword = async (req, res, _next) => {
         )?.secret ?? ""
       })
     });
-    const responseData = formatResponse({ data: void 0 });
+    const responseData = formatResponse({
+      message: t({
+        en: "Password reset request sent successfully",
+        fr: "Demande de r\xE9initialisation de mot de passe envoy\xE9e avec succ\xE8s",
+        es: "Solicitud de restablecimiento de contrase\xF1a enviada con \xE9xito"
+      }),
+      description: t({
+        en: "Your password reset request has been sent successfully. Please check your email to reset your password.",
+        fr: "Votre demande de r\xE9initialisation de mot de passe a \xE9t\xE9 envoy\xE9e avec succ\xE8s. Veuillez v\xE9rifier votre e-mail pour r\xE9initialiser votre mot de passe.",
+        es: "Su solicitud de restablecimiento de contrase\xF1a ha sido enviada con \xE9xito. Por favor, revise su correo electr\xF3nico para restablecer su contrase\xF1a."
+      }),
+      data: void 0
+    });
     res.json(responseData);
     return;
   } catch (error) {
@@ -249,7 +430,19 @@ const resetPassword = async (req, res, _next) => {
       username: updatedUser.name
     });
     const formattedUser = mapUserToAPI(updatedUser);
-    const responseData = formatResponse({ data: formattedUser });
+    const responseData = formatResponse({
+      message: t({
+        en: "Password reset successfully",
+        fr: "R\xE9initialisation du mot de passe r\xE9ussie",
+        es: "Restablecimiento de contrase\xF1a exitoso"
+      }),
+      description: t({
+        en: "Your password has been reset successfully. You can now log in with your new password",
+        fr: "Votre mot de passe a \xE9t\xE9 r\xE9initialis\xE9 avec succ\xE8s. Vous pouvez maintenant vous connecter avec votre nouveau mot de passe",
+        es: "Su contrase\xF1a ha sido restablecida con \xE9xito. Ahora puede iniciar sesi\xF3n con su nueva contrase\xF1a"
+      }),
+      data: formattedUser
+    });
     res.json(responseData);
     return;
   } catch (error) {
@@ -265,15 +458,19 @@ const getSessionInformation = async (req, res, _next) => {
     if (sessionToken) {
       user = await userService.getUserBySession(sessionToken);
     }
-    if (!user) {
-      ErrorHandler.handleGenericErrorResponse(res, "USER_NOT_DEFINED");
+    if (!user || !user?.session) {
+      const responseData2 = formatResponse({
+        data: {
+          session: null,
+          user: null,
+          organization: organization?._id ? mapOrganizationToAPI(organization, isOrganizationAdmin) : null,
+          project: project?._id ? mapProjectToAPI(project, user, isProjectAdmin) : null
+        }
+      });
+      res.json(responseData2);
       return;
     }
     const session = user.session;
-    if (!session) {
-      ErrorHandler.handleGenericErrorResponse(res, "SESSION_NOT_FOUND");
-      return;
-    }
     const formattedUser = {
       ...mapUserToAPI(user),
       role: "user"
@@ -300,11 +497,15 @@ const githubLoginQuery = (req, res, _next) => {
     ErrorHandler.handleGenericErrorResponse(res, "USER_ALREADY_LOGGED_IN");
     return;
   }
+  if (origin && !origin.startsWith(process.env.CLIENT_URL ?? "")) {
+    ErrorHandler.handleGenericErrorResponse(res, "CALLBACK_URL_NOT_VALID");
+    return;
+  }
   const encodedOrigin = encodeURIComponent(origin);
   const redirectURI = `${process.env.BACKEND_URL}/api/auth/callback/github?redirect_uri=${encodedOrigin}`;
   const encodedRedirectURI = encodeURIComponent(redirectURI);
   res.redirect(
-    `https://github.com/login/oauth/authorize?client_id=${process.env.GITHUB_CLIENT_ID}&redirect_uri=${encodedRedirectURI}`
+    `https://github.com/login/oauth/authorize?client_id=${process.env.GITHUB_CLIENT_ID}&redirect_uri=${encodedRedirectURI}&scope=user:email`
   );
 };
 const githubCallback = async (req, res, _next) => {
@@ -321,6 +522,10 @@ const githubCallback = async (req, res, _next) => {
     res.redirect(redirect_uri);
     return;
   }
+  if (redirect_uri && !redirect_uri.startsWith(process.env.CLIENT_URL ?? "")) {
+    ErrorHandler.handleGenericErrorResponse(res, "CALLBACK_URL_NOT_VALID");
+    return;
+  }
   try {
     const tokenResponse = await fetch(
       "https://github.com/login/oauth/access_token",
@@ -418,7 +623,7 @@ const githubCallback = async (req, res, _next) => {
       type: "welcome",
       to: user.email,
       username: user.name,
-      loginLink: sessionAuthRoutes.loginEmailPassword.url
+      loginLink: `${process.env.CLIENT_URL}/auth/login`
     });
     res.redirect(redirect_uri);
   } catch (error) {
@@ -435,6 +640,10 @@ const googleLoginQuery = (req, res, _next) => {
     res.redirect(origin);
     return;
   }
+  if (origin && !origin.startsWith(process.env.CLIENT_URL ?? "")) {
+    ErrorHandler.handleGenericErrorResponse(res, "CALLBACK_URL_NOT_VALID");
+    return;
+  }
   const responseType = "code";
   const scope = [
     "https%3A//www.googleapis.com/auth/userinfo.email",
@@ -466,6 +675,10 @@ const googleCallback = async (req, res, _next) => {
     res.redirect(responseCode, redirect_uri);
     return;
   }
+  if (redirect_uri && !redirect_uri.startsWith(process.env.CLIENT_URL ?? "")) {
+    ErrorHandler.handleGenericErrorResponse(res, "CALLBACK_URL_NOT_VALID");
+    return;
+  }
   try {
     const tokenResponse = await fetch("https://oauth2.googleapis.com/token", {
       method: "POST",
@@ -554,8 +767,9 @@ const googleCallback = async (req, res, _next) => {
       type: "welcome",
       to: user.email,
       username: user.name,
-      loginLink: sessionAuthRoutes.loginEmailPassword.url
+      loginLink: `${process.env.CLIENT_URL}/auth/login`
     });
+    res.redirect(redirect_uri);
   } catch (error) {
     ErrorHandler.handleAppErrorResponse(res, error);
     return;
@@ -563,6 +777,7 @@ const googleCallback = async (req, res, _next) => {
 };
 export {
   askResetPassword,
+  checkIfUserHasPassword,
   getSessionInformation,
   githubCallback,
   githubLoginQuery,
@@ -572,8 +787,10 @@ export {
   loginEmailPassword,
   registerEmailPassword,
   resetPassword,
+  sendVerificationUpdate,
   setCSRFToken,
   updatePassword,
-  validEmail
+  validEmail,
+  verifyEmailStatusSSE
 };
 //# sourceMappingURL=sessionAuth.controller.mjs.map